All,
I can't find anything on setting up eventgen for a distributed environment. By the looks of the demo, it would appear that this developer had an all-in-one instance set up. How would I add in eventgen for my dev environment of 3 search heads and 3 indexers in a distributed dev environment?
I am curious, as it would be really cool to let this data just pass onto my indexers without having to add the app over to all of them, especially as it is non-clustered. Perhaps running from a single DB Connect search head forwarding on the event? Not sure how it is supposed to work when it comes to scale of environment?
Any advice would be appreciated, even if it is a statement saying, yes you can add it to just a search head or just an indexer or for that matter an HF? Thanks in advance.
Thanks,
Daniel MacGillivray

Eventgen does not necessarily have to be run in Splunk. It can be run as an independent app as well. Here's an extract from online documentation. So you could set this up outside Splunk and stream the data into Splunk, making the Splunk deployment architecture moot.
"... Parameters for setting up outputMode = splunkstream. This is only required if we want to run the eventgen outside of Splunk. As a Splunk App and running as a scripted input, eventgen will gather this information from Splunk itself. Since we'll be running this from the command line for the tutorial, please customize your username and password in the tutorial. ..."
https://github.com/coccyx/eventgen/blob/master/README/Tutorial.md

Thanks Sudareshr. As stated by a co-worker in another role I once had: "Always Read the README" 🙂
Glad to know about the stream method, in that situation it would work best for us!
Stream must be similar to how rsyslog would work? I will check it out and thanks again!!
Ah, the REST API call. Of course. Not like rsyslog at all.
